[firwall_new] Dans le dictionnaire des machines accessible depuis accueil, on stocke aussi le dns de la machine, on modifie firewall_new en conséquence.

Valentin Samir 2013-02-09 17:43:46 +01:00
parent 9477bafd68
commit fee4e88908


@ -1585,6 +1585,7 @@ class firewall_routeur(firewall_crans):
iptables("-P FORWARD DROP") iptables("-P FORWARD DROP")
for ip in accueil_route.keys(): for ip in accueil_route.keys():
for type in accueil_route[ip].keys(): for type in accueil_route[ip].keys():
if type in ['udp', 'tcp']:
for port in accueil_route[ip][type]: for port in accueil_route[ip][type]:
iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port)) iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port)) iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
@ -1597,6 +1598,7 @@ class firewall_routeur(firewall_crans):
#intranet et wiki pour le vlan accueil #intranet et wiki pour le vlan accueil
for ip in accueil_route.keys(): for ip in accueil_route.keys():
for type in accueil_route[ip].keys(): for type in accueil_route[ip].keys():
if type in ['udp', 'tcp']:
for port in accueil_route[ip][type]: for port in accueil_route[ip][type]:
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port)) iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port)) iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
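Review bot: The protocol allowlist `['udp', 'tcp']` is written out twice, once in the FORWARD loop and once in the nat PREROUTING loop, so the two copies can drift apart, and any key that matches neither value is skipped without a trace. Iterating over the fixed set instead, `for proto in ('udp', 'tcp'):` followed by `for port in accueil_route[ip].get(proto, []):`, keeps the metadata entry this commit adds out of the rule strings by construction and stops shadowing the builtin `type`. Because these values are interpolated straight into iptables command strings, a comment such as `# accueil_route[ip] also holds non-protocol metadata (the machine's DNS name); only protocol keys may reach iptables` would record why the filter exists. Both loops sit in methods of `firewall_routeur` whose start and end are outside the hunks shown.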